| |
|
MCSE 2003 : 70-298
|
| |
|
Module 1 Introduction to Designing security
|
| |
| 1.Introduction to Designing Security for Microsoft Networks |
| |
|
|
 |
Why Secure a Network?
|
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Introduces the reasons for securing a network
- Categorizes network security into three areas to better illustrate the reasons for having a secure network
|
- Briefly describes the reasons for securing a network
|
|
|
| |
|
|
|
Important Principles of Security
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Discusses each network security concept using examples and graphs
|
- Briefly describes some important network security concepts
- No examples or pictures are provided
|
|
|
| |
|
|
|
Security Design and Implementation
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Discusses the phases in designing and implementing a secure network using actual screen shots
- Illustrates the reasons for taking preventive actions using realistic examples
|
- Briefly describes the designing and implementing phases of network security
- No pictures or examples are provided
|
|
|
| |
|
|
|
Overview of a Microsoft Network
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Discusses the security requirements for a Microsoft network using realistic examples
|
- Provides very simple descriptions for security areas of a Microsoft network
- No examples are provided
|
|
|
| |
|
|
|
Framework for Designing Security
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Introduces the process of designing a secure network infrastructure that will be discussed in later modules
- Illustrates the steps for designing a secure network infrastructure using pictures and/or examples
|
- Briefly describes the steps for designing a secure network infrastructure
- No pictures or examples are used
|
|
|
| |
| Module 2 Creating a Plan for Network Security |
| |
| |
|
1.Introduction to Security Policies
|
| |
|
|
|
What Are Security Policies?
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Discusses security policies using examples and actual screen shots
|
- Provides only a simple description on security policies
|
|
|
| |
|
|
|
Types of Security Policies
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Introduces different types of security policies using pictures
- Compares the differences among various types of security policies
|
- Provides a simple description for each type of security policy
- No pictures or tables are provided as visual aids
|
|
|
| |
|
|
|
Why Are Procedures?
|
|
| |
|
|
|
Common Reasons That Security Policies Fail
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Discusses the reasons for security policies failure using graphical illustrations
|
- Provides a list of reasons for security policy failure
- No pictures are provided
|
|
|
| |
|
|
|
Guidelines for Creating Policies and Procedures
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Discusses the guidelines in detail using graphical examples
|
- Provides a general description for each guideline
- No pictures or examples are provided
|
|
|
|
2.Defining a Process for Designing Network Security
|
| |
|
|
|
Introduction to Microsoft Solutions Framework
|
|
| |
|
|
|
The Planning Phase for Network Security
|
|
| |
|
|
|
The Building Phase for Network Security
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Introduces the building phase using graphical examples
- Uses realistic scenarios to illustrates the potential threats created by untrained employees
|
- Explains the building phase in simple description only
- No examples are provided
|
|
|
| |
|
|
|
The Managing Phase for Network Security
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Discusses the managing phase using graphical examples
- Uses realistic scenarios to illustrates the reasons for needing a network management mechanism
|
- Provides a list of major tasks in the managing phase
|
|
|
| 3.Creating a Security Design Team |
| |
|
|
|
Core Team Members
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Introduces each of the members in the core team
- Discusses which member roles can be combined in the situation when there is not enough team members
|
- Provides a list of core team members with a brief description
- No examples are provided
|
|
|
| |
|
|
|
Extended Team Members
|
|
| |
|
|
|
Guidelines for Creating a Security Design Team
|
|
| |
| Module 3 Identifying Threats to Network Security |
| |
| 1.Introduction to Security Threats |
| |
|
|
|
Why Network Attacks Occur
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Discusses the reasons for network attacks to occur using pictures and real world examples
|
- Describes the reasons for network attacks in plain text only
- No pictures or examples are provided
|
|
|
| |
|
|
|
Who Attacks Network?
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Discusses the attack tactics and level of attackers
- Analyzes the ratio of external and internal attacks
- Introduces common attacks on the internal network
|
- Simply describes the attackers and attack tactics
|
|
|
| |
|
|
|
Common Types of Network Vulnerabilities
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Illustrates the common types of network vulnerabilities using actual screen shots and examples
|
- Provides a list of common types of network vulnerabilities
- No pictures or examples are provided
|
|
|
| |
|
|
|
How Network Attacks Occur
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Illustrates how network attacks occur using graphical examples and actual screen shots
- Introduces the tools that hackers will use for attacking networks using actual screen shots
|
- Provides a simple description on how different network attacks occur
- No pictures and examples are provided
|
|
|
| |
|
|
|
Difficulties in Defending Networks
|
|
|
2.Predicting Threats to Security
|
| |
|
|
|
The STRIDE Threat Model
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Discusses the STRIDE Threat Model using pictures and examples
- Discusses hacker attacks using realistic examples
|
- Describes the STRIDE Threat Model in plain text only
- No pictures or examples are provided
|
|
|
| |
|
|
|
Steps for Predicting Threats with a Threat Model
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Discusses the steps for creating a threat model using graphical examples
- Illustrates how to monitor information resources using a monitoring table
|
- Provides only a list of steps for creating a threat model
- No visual aids are provided
|
|
|
| |
|
|
|
How to create a Life Cycle Threat Model
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Discusses how to create a life cycle threat model using pictures and actual screen shots
- Illustrates each phase in the life cycle threat model using pictures and examples
|
- Provides a simple description on creating a life cycle threat model
- No pictures or examples are provided
|
|
|
| |
|
|
|
Team Guidelines for Modeling Threats
|
|
| |
| Module 4 Analyzing Security Risks |
| |
|
1.Introduction to Risk Management
|
| |
|
|
|
Elements of Risk Management
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Introduces what Risk is before discussing the elements of risk management
|
- Provides very basic descriptions on the elements of risk management
|
|
|
| |
|
|
|
Why Risk Management Is Important
|
|
| |
|
|
|
Common assets to protect
|
|
| |
|
|
|
How to Categorize Assets
|
|
| |
|
|
|
How to Calculate the Value of Assets
|
|
|
2.Create a Risk Management Plan
|
| |
|
|
|
Overview of the MOF Risk Management Process
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Discusses the phases in the MOF risk management process in detail
|
- Introduces the five MOF stages of the risk management process without giving any descriptions
|
|
|
| |
|
|
|
How to Identify Risks to Assets
|
|
| |
|
|
|
How to Analyze Risk to Assets
|
|
| |
|
|
|
How to Track Changes to a Risk Management Plan
|
|
| |
|
|
|
Risk Management Controls
|
|
| |
|
|
|
Guidelines for Creating a Risk Management Plan
|
|
| |
| Module 5 Creating a Security Design for Physical Resources |
| |
| 1.Determining Threats and Analyzing Risk to Physical Resources |
| |
|
|
|
Physical Resources to Protect
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Illustrates various physical resources to protect using pictures and examples
|
- Introduces the five MOF stages of the risk management process without giving any descriptions
|
|
|
| |
|
|
|
Why Physical Security is Important
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Illustrates the importance of physical security using pictures and actual screen shots
|
- Describes some potential threats on physical security
- No pictures are provided
|
|
|
| |
|
|
|
Common Threat to Physical Security
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Discusses each common threat to physical security using graphical examples
|
- Provides a list of common threats with no description
- No pictures or examples are provided
|
|
|
| 2.Designing Security for Physical Resources |
| |
|
|
|
Methods for Securing Facilities
|
|
| |
|
|
|
Methods for Securing Access to Computers
|
|
| |
|
|
|
Methods for Securing Portable Computers and Mobile Devices
|
|
| |
|
|
|
Considerations for Disaster Recovery Planning
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Discusses how to plan for disaster recovery
- Illustrates how to handle disaster recovery using graphical examples
- Demonstrates how to ensure the operation of the system during a disaster
|
- Provides suggestions on how to plan for a disaster recovery
- No pictures, examples, or demonstrations are provided
|
|
|
| |
| Module 6 Creating a Security Design for Computers |
| |
| 1.Determining Threats and Analyzing Risk to Computers |
| |
|
|
|
The Security Life Cycle of a Computer
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Introduces the security life cycle using pictures and examples
- Illustrates the significance of applying security templates on a server using actual screen shots
|
- Describes the security life cycle in general
- No pictures or examples are provided
|
|
|
| |
|
|
|
Why Security of Computers Is Important
|
|
| |
|
|
|
Common Threats to Computers
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Discusses each common threat using pictures and realistic examples
|
- Provides a list of common threats to computers without a ?detailed description
- No pictures or examples are provided
|
|
|
| 2.Designing Security for Computers |
| |
|
|
|
Common Methods for Performing an Initial Installation Securely
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Discusses the common methods for performing an initial installation securely using pictures and realistic examples
- Illustrates how to increase network security using a RIS Server
|
- Briefly describes the common methods for performing an initial installation securely
- No pictures or examples are provided
|
|
|
| |
|
|
|
How to Create a Secure Baseline Configuration
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Discusses each step in configuring secure baseline using graphical examples and actual screen shots
- Illustrates how to examine the password configuration using actual screen shots
|
- Provides a list of steps for creating a secure baseline configuration
- No examples or pictures are provided
|
|
|
| |
|
|
|
How to Design Security for Specific Computer Roles
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Discusses each step in the designing process of security for specific computer roles using actual screen shots and examples
- Illustrates the potential threats on different servers using a series of pictures
|
- Provides a description of designing security for specific computer roles
- No pictures or examples are provided
|
|
|
| |
|
|
|
Common Methods for Applying Security Updates
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Discusses the common methods for applying security updates using pictures and realistic examples
|
- Provides descriptions of various types of security updates
- No pictures or examples are provided
|
|
|
| |
|
|
|
Common Methods for Accessing the Security of Computers
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Discusses the common methods for accessing the security of computers using pictures and realistic examples
- Illustrates how to use MBSA to examine security settings using actual screen shots
|
- Introduces the common methods for accessing the security of computers
- No pictures or examples are provided
|
|
|
| |
|
|
|
How to Decommission Computers Securely
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Illustrates how to decommissioning a computer securely using pictures
- Introduces the cipher tool that is used to clear the hard disk information completely on a decommissioned computer
|
- Provides a procedure for decommissioning a computer securely
- No pictures are provided
|
|
|
| |
| Module 7 Creating a Security Design for Accounts |
| |
|
1.Determining Threats and Analyzing Risk to Accounts
|
| |
|
|
|
Account Types and Their Security Requirements
|
|
| |
|
|
|
Why Account Security Is Important
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Discusses the importance of account security
- Illustrates how a hacker can obtain an account password using pictures
|
- Briefly introduces why account security is important
|
|
|
| |
|
|
|
Common Vulnerabilities of Accounts
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Discusses some common vulnerabilities of accounts using pictures and actual screen shots
- Illustrates the potential threats on local accounts using realistic examples
|
- Provides a list of vulnerabilities of accounts in plain text only
- No pictures or examples are provided
|
|
|
|
2.Designing Security for Accounts
|
| |
|
|
|
Guidelines for Granting Rights and Permissions
|
|
| |
|
|
|
Considerations for Using and Managing Accounts
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Discusses the considerations for using and managing accounts
- Illustrates how to use the Ldifde tool to obtain account information and potential issues using a series of pictures
|
- Briefly introduces how to use and manage accounts
|
|
|
| |
|
|
|
Guidelines for Using Administrative and Service Accounts
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Discusses the guidelines for using administrative and service accounts using pictures and examples
- Illustrates how to use local account using pictures
|
- Provides a list of administrative and service accounts with general descriptions
- No pictures or examples are provided
|
|
|
| |
|
|
|
How Account Passwords Are Stored
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Discusses the potential issues for account password storing using examples and actual screen shots
- Discusses the reasons for having security issues on? account password storing using actual screen shots
|
- Briefly describes the account password storing methods and potential security issues
- No pictures or examples are provided
|
|
|
| |
|
|
|
Considerations for Designing Password Policies
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Illustrates the considerations for designing password policies using actual screen shots and examples
- Discusses how to construct a complex password using realistic examples
|
- Provides a list of considerations for designing password policies
- No pictures or examples are provided
|
|
|
| |
| Module 8 Creating a Security Design for Authentication |
| |
| 1.Determining Threats and Analyzing Risk to Authentication |
| |
|
|
|
Overview of Authentication
|
|
| |
|
|
|
Why Authentication Security Is Important
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Discusses the significance for authenticating security using pictures and actual screen shots
|
- Provides descriptions on authentication security
- No pictures are provided
|
|
|
| |
|
|
|
Common Vulnerabilities of Authentication
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Introduces the common vulnerabilities of authentication using examples and actual screen shots
- Illustrates the different vulnerabilities of various versions of authentication using a series of pictures
|
- Describes the common vulnerabilities of authentication in general
- No pictures or examples are provided
|
|
|
| 2.Designing Security for Authentication |
| |
|
|
|
Steps for Determining Authentication Requirements
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Illustrates the process of determining authentication requirements using actual screen shots and examples
- Discusses how to? troubleshoot some problematic scenarios using realistic examples
|
- Provides a list of steps for determining authentication requirements
- No pictures or examples are provided
|
|
|
| |
|
|
|
LAN Authentication Protocols
|
|
| |
|
|
|
Considerations for Authentication Accounts on a LAN
|
|
| |
|
|
|
Considerations for Authenticating Web Users
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Discusses authentication methods for web users using examples and actual screen shots
- Discusses the reasons for logging in without password using actual screen shots
|
- Provides some considerations for authenticating web users
- No pictures or examples are provided
|
|
|
| |
|
|
|
Considerations for Authenticating RAS Users
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Discusses different authentication methods for RAS users using examples and actual screen shots
- Compares the differences of various authentication methods and provides suggestions
|
- Provides some considerations for authenticating RAS users
- No pictures or examples are provided
|
|
|
| |
|
|
|
What is Multifactor Authentication?
|
|
| |
|
|
|
Considerations for Authentication Applications and Network Devices
|
|
| |
| Module 9 Creating a Security Design for Data |
| |
| 1.Determining Threats and Analyzing Risk to Data |
| |
|
|
|
Overview of Access Control
|
|
| |
|
|
|
Why Securing Data Is Important
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Discusses the importance of securing data using actual screen shots
|
- Briefly describes the major points of securing data
- No pictures are provided
|
|
|
| |
|
|
|
Common Vulnerabilities of Data
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Illustrates common vulnerabilities to data using examples and actual screen shots
- Discusses issues that arise if not enough privileges are assigned using actual screen shots
|
- Provides some common vulnerabilities to data
- No pictures or examples are provided
|
|
|
| 2. Designing Security for Data |
| |
|
|
|
Steps for Designing an Access Control Model
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Discusses the steps for designing an access control model using pictures
|
- Provides a list of steps for designing an access control model
- No pictures are provided
|
|
|
| |
|
|
|
Steps for Designing EFS Policies
|
|
| Pviva Training CDs |
Reference Textbooks |
Boot Camps |
- Discusses steps for designing EFS policies
- Demonstrates how EFS encryption works
|
- Describes the steps for designing EFS policies
- No demonstrations are provided
|
|
|
| |
|
|
|
Guidelines for Managing Data Securely
|
|
| |
